Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Cisco Ironport increase is spam getting through?
From: Will Froning <will.froning () GMAIL COM>
Date: Sun, 30 Dec 2012 09:41:58 +0400

Hello Jason,

Jason Murray wrote:
For those of you that use the Cisco Ironport anti-spam appliances, have
you noticed an increase in spam making it through unmarked in the past 6
months?  In the past we would see 1 or 2 messages a week get though, now
I am getting complaints from my users that a dozen or more a day are
getting though.

Ironport customer for 3 years now.

We have seen an increase in spam, but it more closely matches what Cisco support says (targeted) rather than obvious porn spam. The majority of our bulk mail that isn't caught is via googlegroups and in Arabic (we are based in UAE).

We are running the 7.6.x code base.   All the anti-spam rules are
updating automatically as they should be.


I opened a support case with Ironport and they sent back some generic reply:

The nature of spam is always changing, and we are always adjusting our
rules to do our best to catch it while minimizing false positives. Over
the past year or so, there has been less bulk, easy to catch spam and
more targeted, harder to catch spam. This may be why you notice more
spam getting in. As always, we appreciate it if you can submit missed
spam samples so we can improve out engine. See instructions later.



While I would agree with this somewhat, we are now starting to see
blatantly obvious spam getting though (porn).


We have have used Ironport for 6 years now, and we have never had this
much spam get though.   Before I continue to press Cisco for an answer,
I am curious if anyone else is seeing similar issues.

I like how relatively simple Ironport is, but I really miss the ability to tweak rules like I could with PureMessage (pre-Sophos)...

Thanks,
Will

--
Will Froning
Unix/InfoSec/Network Admin
Will.Froning () Gmail com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault